sla.ckers.org is ha.ckers sla.cking
Sla.ckers.org
Q and A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixations, hijacking, lockout, replay, session riding, etc.

Current Page: 1 of 1
Results 1 - 2 of 2
6 years ago
emonk
Here's an example from inside the extension:

    var target = doc.getElementById("myid");
    var le = doc.createElement("li");
    le.innerHTML = str;
    target.appendChild(le)

Now in FF you can't just use prototype to redefine target.appendChild into something malicious, but I'm worried that someone could return something via 'doc.getElementById("myid");' that coul
Forum: CSRF and Session Info
6 years ago
emonk
I'm playing with writing a FF extension, and I'm curious if there's any way besides exploiting an unsanitized 'eval()' that someone could make my javascript execute their javascript in the chrome context? For instance if I'm doing something like this, is there a way they could embed malicious JS inside the variable and get it to run? var = somecrapfromarandomwebpage; alert(somecrapfromar
Forum: CSRF and Session Info